Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board (UPB) 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ultimate_php_board | Ultimate_php_board | * | 2.0_beta_1 (including) |